Official Worker Discussion

Comments

  • The reason the merging is set up this way becomes quite clear if you are a big team of developers and you need to keep the master branch in a functional state and ensure proper tracking of what work has been done. Typically someone higher up the chain is approving your PRs and if your job is not properly done he/she will reject it.

  • edited September 14

    It was an amazing box, learnt something new. User and Root both were great.
    Initial Foothold: The server still has that thing that you think is not there. Find a way to get that.
    User: It is same as GitHub but only now it is uploading exactly where you need it to
    Root: Start from the beginning and take the pipes with you

    PM if you need help
    Thanks @ekenas for such an amazing box

  • @ekenas the machine is not functional for most of the time.
    Running out of patience.

  • And resetting doesn't solve shit!

  • edited September 15
    @in3vitab13 said:
    > @ekenas the machine is not functional for most of the time.
    > Running out of patience.

    Hi @in3vitab13, can you PM me with info and I’ll try to see if I can help out. I see a lot of people rooting Worker now so was under the assumption it was running nicely.

  • @blacViking said:
    > It was an amazing box, learnt something new. User and Root both were great.
    > Initial Foothold: The server still has that thing that you think is not there. Find a way to get that.
    > User: It is same as GitHub but only now it is uploading exactly where you need it to
    > Root: Start from the beginning and take the pipes with you
    >
    > PM if you need help
    > Thanks @ekenas for such an amazing box

    Thanks for the feedback and glad you liked it. Realism and no-guessing was an important part when designing this machine.

  • edited September 16

    Currently on the de*o*s.worker.htb and have already uploaded it to master on di*ensi*n, not sure what's taking so long to auto-deploy it.

  • @PapyrusTheGuru said:
    > Currently on the de*o*s.worker.htb and have already uploaded it to master on di*ensi*n, not sure what's taking so long to auto-deploy it.

    If you mean "auto-complete" then I guess it's a never-ending process!
    My tip: satisfy all 3 demands and then you can complete it in one click only!

  • edited September 16

    @in3vitab13 said:
    > @PapyrusTheGuru said:
    > > Currently on the de*o*s.worker.htb and have already uploaded it to master on di*ensi*n, not sure what's taking so long to auto-deploy it.
    >
    > If you mean "auto-complete" then I guess it's a never-ending process!
    > My tip: satisfy all 3 demands and then you can complete it in one click only!

    Uhhh... my bad, can I DM you about it? I'm quite sure I'm doing everything alright but I'd always like a sanity check.

  • @PapyrusTheGuru said:
    > @in3vitab13 said:
    > > @PapyrusTheGuru said:
    > > > Currently on the de*o*s.worker.htb and have already uploaded it to master on di*ensi*n, not sure what's taking so long to auto-deploy it.
    > >
    > > If you mean "auto-complete" then I guess it's a never-ending process!
    > > My tip: satisfy all 3 demands and then you can complete it in one click only!
    >
    > Uhhh... my bad, can I DM you about it? I'm quite sure I'm doing everything alright but I'd always like a sanity check.

    Sure bro!

  • I just tested the complete exploitation process of worker and it was fine (EU2).

  • Fun box! Unfortunately I skipped over something quite easy to get user and it took me a while longer to find it, but root was pretty straightforward.

    m3ll0

    OSCP

  • @m3ll0 said:
    > Fun box! Unfortunately I skipped over something quite easy to get user and it took me a while longer to find it, but root was pretty straightforward.

    Root wasn't straightforward for me. After roaming in a dead end, I went back to the thing again.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • edited September 16

    @gunroot
    Okay 'straight-forward' isn't the right term. I did exhaust a lot of options enumerating the box but I didn't go as far as throwing exploits against it, often it is way simpler than that in CTF-like environments... I have to remind myself of that all too often.

    m3ll0

    OSCP

  • edited September 18

    Got root! Amazing box, thank you @ekenas !
    PM for nudges!

  • any lead for root, please?

  • @in3vitab13 said:
    > any lead for root, please?

    Think what you did for user1 :)

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • @acidbat said:
    > @in3vitab13 said:
    > > any lead for root, please?
    >
    > Think what you did for user1 :)

    From initial foothold to r*****l, it was straightforward!
    But can't figure out how to put approach for root?!!
    Any article/concept that I need to study would be helpful bro!

  • @in3vitab13 said:
    > @acidbat said:
    > > @in3vitab13 said:
    > > > any lead for root, please?
    > >
    > > Think what you did for user1 :)
    >
    > From initial foothold to r*****l, it was straightforward!
    > But can't figure out how to put approach for root?!!
    > Any article/concept that I need to study would be helpful bro!

    Check your inbox :)

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • edited September 25

    I straight up downloaded the entire repo and grepped it for creds, found nothing

    What is everyone talking ab

    Edit: nvm I found it as soon as I posted this

    LMAY75
    Always happy to help, DM me if you need anything!

  • edited September 25

    *Spoiler Removed*

    LMAY75
    Always happy to help, DM me if you need anything!

  • Rooted! Really good box, I learned a ton about the vuln service and exploiting it in various ways. 10/10 would recommend. If you need hints feel free to DM me.

    LMAY75
    Always happy to help, DM me if you need anything!

  • I really enjoyed this box. Got stuck a few times, but I was able to scan the forum posts and that pointed me in the right direction. Make sure when you're trying to log in to d****s that you don't have your manual proxy set in your browser, it made the login page give me a false negative and almost messed me up.
    PM for a nudge

  • An interesting box that allowed me to play around with a CI tool I wasn't familiar with.
    My 2 cents:

    • Foothold: go back to that revision, and use the CI tool to get what you want
    • User: enum enum
    • Root: abuse that thing again
  • edited September 29

    What a frustrating box. Comes online for 2 minutes, goes offline for 2, comes online for 2 minutes.. Repeat.

    Giving up

  • @luckycharmelf said:
    > What a frustrating box. Comes online for 2 minutes, goes offline for 2, comes online for 2 minutes.. Repeat.
    >
    > Giving up

    Double check this isn't something you are doing. Looking at the stats people are still able to get user/root flags so there must be some stability somewhere.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited September 29

    @TazWake said:
    > @luckycharmelf said:
    > > What a frustrating box. Comes online for 2 minutes, goes offline for 2, comes online for 2 minutes.. Repeat.
    > >
    > > Giving up
    >
    > Double check this isn't something you are doing. Looking at the stats people are still able to get user/root flags so there must be some stability somewhere.

    I don't see what I could be doing wrong? I started up the machine (no one else on us-vip-24 was using it I guess) and waited 15 minutes to let it boot up. Then I just started a ping every 5 seconds and did nothing else to that box.

    This is what I get. Up for ~120 seconds, down for ~120 seconds, up for ~120 seconds, etc

    https://pastebin.com/ynFNx887

    Edit: I changed to us-vip-15, started the box, and I can ping it for more than 2 minutes at a time ¯\_(ツ)_/¯

  • @luckycharmelf said:
    > I don't see what I could be doing wrong? I started up the machine (no one else on us-vip-24 was using it I guess) and waited 15 minutes to let it boot up. Then I just started a ping every 5 seconds and did nothing else to that box.
    >
    > This is what I get. Up for ~120 seconds, down for ~120 seconds, up for ~120 seconds, etc
    >
    > https://pastebin.com/ynFNx887
    >
    > Edit: I changed to us-vip-15, started the box, and I can ping it for more than 2 minutes at a time ¯\_(ツ)_/¯

    That is pretty odd. If it happens again, you should raise a JIRA ticket for HTB to address the issue.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited October 6

    (for some reason, it resolved itself)
    Hi,

    I'm running into some issues that I do not get the possibility to input the found credentials to continue. This is happening both via curl and ff.

    Also tried moving VPN but that also does not seem to resolve it.

    Has anyone had the same issues or could point me in the direction so that I continue with the box?

    Thanks in advance!

    Pheaxx

  • Need help. Managed to log in and want to load my evil shell. The challenge is, am getting "No work items linked" hence can't merge. Am getting a "no suggestion" hence can't do anything on work items. Any help please.
